Perform operations on G Suite users, groups and roles via Workflow Automator
Orchestration apps let you automate repeatable tasks and actions that span across a diverse set of systems and applications using workflows. The list of actions supported for this app include:
Make User Super Admin
Assign a Role To User
Get Role Assignment
Delete Role Assignment
Get Group Details
Get Group Member
Assign Member to Group
Update group member
Delete group member
Check Group Member
Assign Member to Multiple Groups
To install and authenticate the app you need to provide the following input:
Private Key Id
Email Id (The Gsuite account email address)
Step 1: Create a Service Account
Set up a Service Account project in the Google API Console.
Create a new project (or select an existing one)
Click on Create service account.
Under Service account details, type a name, ID, and description for the service account, then click Create.
Under Service account permissions, select the IAM roles as 'Project Owner' to grant to the service account, then click Continue.
Optional: Under Grant users access to this service account, add the users or groups that are allowed to use and manage the service account.
After the service account is created, open the service account, click on "Edit" then click "Add Key" under "Keys", then click "Create New Key".
Make sure the key type is set to JSON and click Create.
Click Close > Save.
Save the downloaded JSON key.
Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of the private key. You are responsible for storing it securely. If you lose this key pair, you will need to generate a new one.
Note: The Client Email, Private Key and Private Key Id used as app installation inputs are obtained from the Service account JSON file downloaded. So one needs to copy these parameters from the downloaded JSON file and give the app input as shown below.
Then go inside the Service account created and click on "Show Domain-Wide Delegation" and then tick "Enable G Suite Domain-wide Delegation" and then Save.
Step 2: Enable Admin SDK API
Open your project in the API Console. Click on ENABLE APIS AND SERVICES
In the list of APIs, search and click Admin SDK API.
Click on ENABLE to enable Admin SDK API
Step 3: Assign OAUTH Scopes for Admin SDK API
Under Domain-wide delegation, click Manage Domain Wide Delegation.
On the Manage domain-wide delegation page, click Add new.
Enter the client ID of the service account or OAuth2 client ID of the app.
Under the OAuth Scope, add each scope that the application can access.
Provide the following OAuth scopes using the above steps